Nexus Mods API released

Since we teased it back in October, our developers have been working hard on finalising the Nexus Mods API and today I'm pleased to report we’re ready to open the virtual doors to the public.

What is the Nexus Mods API?

It’s a set of instructions developers can use to access features and information from our service. We’ve been developing the API in parallel with Vortex to ensure it has a host of useful features. This is a more modern replacement to the ageing system applications like Nexus Mod Manager have been using for the last few years.

What can I do with the API?

If you’re looking to make use of our data for a mod manager, Discord bot or integration into your game, you can view the full API documentation here﻿. As a brief rundown of the features of the API you can:

Mods:

Get the latest, recently updated or trending mods.

Get mod metadata.

Get a list of files and file info on a mod.

Games:

Retrieve a complete list of games.

Get information on a specific game.

Users:

Users can log in to your application with their Nexus Mods account via their API key or our Single sign-on (SSO) page.

Manage tracked and endorsed mods on a user’s account.

Keys! Clinky shiny keys!

When using an app that talks to our API, you’ll need an API key. We’ve added a new page to your user account settings where you can see your keys to different apps or request a unique one for your user account.

Will this break my current mod manager?

If you’re currently using Nexus Mod Manager, Mod Organizer or another app that uses the old method of getting data from us, you won’t see any change immediately. We have already reached out to the developers of some of the key modding tools that use the old service and will be consulting with them in their efforts to migrate to the new API.

We are giving notice that the old system will be switched off 3 months from today (Monday, 13th May 2019). This should give developers plenty of time to update their apps to the new API method. After this point, you can still continue to use any software that has not been updated, but you will have to install your mods manually.

Registering my app

If you're creating an app which takes advantage of our API, you can contact the Community Managers (BigBizkit or Pickysaurus) to get your application approved. Only approved applications will be able to use the Single sign-on (SSO).

You can also ask the user to enter their Personal API Key from the API Access page in their settings in order to log into your app - this method does not require approval.

Feedback, support and suggestions

We’ve opened up a new channel on the Nexus Mods Discord server dedicated to all things API. If you are having problems using the API or have suggestions on how it can be improved, you can get in touch with us through the Discord or email us.

41 comments

There is a blurb about the new API change at the GitHub NMM site. I wish someone would update it and confirm they are working on making NMM compliant or state they throwing in the towel and capitulating to Vortex. "Yeah, we give in. Let there be one manager to rule them all and to Nexus bind them".

I didn't like the user interface of Vortex when it was in beta and I don't like it any more now. I guess I'm going to have to get everything setup mod wise for my games with NMM and then image the drive before it potentially gets disabled.

Then again I still don't like the site redesign either, so what do I know.

As people on the Mod Organizer 2 discord know, we are already testing dev builds with the new API, so you can rest assured MO2 will get an update in time to support the change. (It has been in the works already for a while)

About MO1, there hasn't been any discussion yet about updating it. Since the update does take quite a considerable amount of time an effort, it could be that there is no one with enough free time to dedicate to it.

There are sill people that are fond of NMM, despite the fact that that it's no longer supported. I do believe someone of the long term fans might update it, even though I personally don't agree on that trustworthiness statement.Like with MO1 it all depends on whether there is someone there willing to put in the time and effort. Nexus staff will, understandably, not update NMM.

Yours truly is sticking with NMM for the simple fact that any attempt to migrate a 1,000+ Active Mods installation from NMM to Vortex is sure to FAIL on an EPIC SCALE. I'm not about to play literal Russian roulette with my modded Skyrim SE installation. Hopefully NMM will be updated to support the new API at some point since I cannot migrate my entire modded install from NMM to Vortex.

I'm fighting the hassle now with it. NMM will no longer download mods on my computer so I tried to migrate to Vortex.

ALL of the mods I was using are now F.U.B.A.R. and I'm going to have to start all over. Vortex has pissed all over my system and now I have to go through all directories to find files that I must now remove so that I will be able to again play FO4

I happened to switch over to vortex at a time where I already wanted to reinstall everything fresh, so the inconvenience was a given. And I've never installed more then a few dozen mods at a time, a habit I got from NMM because it seemed not to like going big whenever I tried.

I don't quite understand this. Is the only reason this new (API) is being introduced is because of Vortex?

It's being introduced so that others can write small programs of their own that interact with (some of) the Nexus data the way Vortex can. Some of those programs might extend or enhance the capabilities of Vortex, but that's up to those who write them.

I'm glad you mentioned games being able to use this as well. Because I've fiddled around with a number of IDEs as a hobby. And one of the things I thought would be cool to do would be to make the game Nexus/Vortex-aware to some extent in the way Steam Workshop games are for the workshop.

Like, if someone boots up the game without booting Vortex, the game can go check for mod updates and let the user know. That's super handy.

That password verification is also EXTREMELY nice, since it takes a lot of the security-load off of the application developer who wants to do that kind of integration. Props for this in particular.

al12rs wrote: The new API features an account based limit of 2500 daily requests, after which you get an extra 100 each hour.If you are with no requests left, all nexus requests are blocked (this includes downloading manually).Downloading a file is 2-3 requests, checking a mod for file updates is 1-2 requests. Logging In uses requests as well.

Limiting API calls is standard procedure to avoid overloading servers with requests, slowing them down. Otherwise the API functionality might get compromised for everyone because someone is abusing it.This particular implementation is pretty simplistic, but should serve it's purpose well.Nexus staff mentioned that they are monitoring usage and will adjust the limits in case they deem it necessary.

DoctorKaizeld wrote: Ooooh that

damanding wrote: Among other things it slows down file scraping from people downloading all mods in mass to illegally host on their own sites.

DoctorKaizeld wrote: Ooooh thatal12rs wrote: The new API features an account based limit of 2500 daily requests, after which you get an extra 100 each hour.If you are with no requests left, all nexus requests are blocked (this includes downloading manually).Downloading a file is 2-3 requests, checking a mod for file updates is 1-2 requests. Logging In uses requests as well.

Limiting API calls is standard procedure to avoid overloading servers with requests, slowing them down. Otherwise the API functionality might get compromised for everyone because someone is abusing it.This particular implementation is pretty simplistic, but should serve it's purpose well.Nexus staff mentioned that they are monitoring usage and will adjust the limits in case they deem it necessary.DoctorKaizeld wrote: what user rate limiting?MrJohn wrote: What is the reasoning for the user-rate limiting?

damanding wrote: Among other things it slows down file scraping from people downloading all mods in mass to illegally host on their own sites.

I admit this is concerning to me. I check for mod updates through MO2 about once a week. My understanding was that this is just a ping to see if the current version is the same as the version on my computer. But from what you are saying the API will treat this the same as attempting to download the entire mod for every mod managed by MO2, whether it needs an update or not and whether the mod is currently being used or not.

Per MO2 I currently have ~3400 mods for Skyrim SE and almost 1900 for Fallout 4. The vast majority are not being used, but MO2 lists them regardless. MO2 has only one means of checking for updates - a clickable link labelled "Check all for update". It is not possible to select a sub-set or selection of mods to check - all of the mods listed in MO2 are checked. So I cannot, for example, check only half one day and half another day. Now, I already have separate installations of MO2 for Skyrim SE and Fallout 4, so I should not have any issues with Fallout 4 if the user limit is 2500. I also usually check the two of them for updates on different days, so again there is no real issue with Fallout 4.

But for Skyrim this means that I will be locked out of nexus before the check for updates is even finished, let alone before I can start going to the nexus pages to see about downloading said updates. I don't mind being limited in how many files or how many MB I can download per day or even per hour - that is entirely reasonable. But counting checks of the current version as downloads - even when the versions match - just seems incredibly unreasonable.

We do a lot of trickery to get around the api limit. Like using a single call to get list of mods that have been modified in the last moth and cross referencing those with your modlst. Another thing is that all mods with the same nexus mod id (so patches, duplicated mods etc) will only be checked once.But your setup seems like it would be a really great stress test for the dev build, to determine if indeed the limits are too harsh, and if we can improve things on our end.We did for example add an option to updateCheck a single mod (right click menu).Here is the link to the discord server with the dev builds: https://discord.gg/6GKR9jZ

Okay, knowing that MO2 can query which mods have updated within the last month relieves most of my worries. If I only have to worry about mods that have updated within the last month then the worst case scenario is when Skyrim SE updates in a manner that requires most mods with a dll to update, and that would be less than 100 (currently about 60 or 70, I think). It is also nice to know that a means is being developed to check some mods for update without checking every mod. Between these I no longer see a 2500 / day limit ever causing an issue.

The new API features an account based limit of 2500 daily requests, after which you get an extra 100 each hour. If you are with no requests left, all nexus requests are blocked (this includes downloading manually).Downloading a file is 2-3 requests, checking a mod for file updates is 1-2 requests. Logging In uses requests as well.

Limiting API calls is standard procedure to avoid overloading servers with requests, slowing them down. Otherwise the API functionality might get compromised for everyone because someone is abusing it.This particular implementation is pretty simplistic, but should serve it's purpose well. Nexus staff mentioned that they are monitoring usage and will adjust the limits in case they deem it necessary.

al12rs wrote: The new API features an account based limit of 2500 daily requests, after which you get an extra 100 each hour.If you are with no requests left, all nexus requests are blocked (this includes downloading manually).Downloading a file is 2-3 requests, checking a mod for file updates is 1-2 requests. Logging In uses requests as well.

Limiting API calls is standard procedure to avoid overloading servers with requests, slowing them down. Otherwise the API functionality might get compromised for everyone because someone is abusing it.This particular implementation is pretty simplistic, but should serve it's purpose well.Nexus staff mentioned that they are monitoring usage and will adjust the limits in case they deem it necessary.

DoctorKaizeld wrote: Ooooh that

damanding wrote: Among other things it slows down file scraping from people downloading all mods in mass to illegally host on their own sites.

I admit this is concerning to me. I check for mod updates through MO2 about once a week. My understanding was that this is just a ping to see if the current version is the same as the version on my computer. But from what you are saying the API will treat this the same as attempting to download the entire mod for every mod managed by MO2, whether it needs an update or not and whether the mod is currently being used or not.

Per MO2 I currently have ~3400 mods for Skyrim SE and almost 1900 for Fallout 4. The vast majority are not being used, but MO2 lists them regardless. MO2 has only one means of checking for updates - a clickable link labelled "Check all for update". It is not possible to select a sub-set or selection of mods to check - all of the mods listed in MO2 are checked. So I cannot, for example, check only half one day and half another day. Now, I already have separate installations of MO2 for Skyrim SE and Fallout 4, so I should not have any issues with Fallout 4 if the user limit is 2500. I also usually check the two of them for updates on different days, so again there is no real issue with Fallout 4.

But for Skyrim this means that I will be locked out of nexus before the check for updates is even finished, let alone before I can start going to the nexus pages to see about downloading said updates. I don't mind being limited in how many files or how many MB I can download per day or even per hour - that is entirely reasonable. But counting checks of the current version as downloads - even when the versions match - just seems incredibly unreasonable.

We do a lot of trickery to get around the api limit. Like using a single call to get list of mods that have been modified in the last moth and cross referencing those with your modlst. Another thing is that all mods with the same nexus mod id (so patches, duplicated mods etc) will only be checked once.But your setup seems like it would be a really great stress test for the dev build, to determine if indeed the limits are too harsh, and if we can improve things on our end.We did for example add an option to updateCheck a single mod (right click menu).Here is the link to the discord server with the dev builds: https://discord.gg/6GKR9jZ

It'd be great if the 200 responses would be documented through swagger so we can know the data format to expect for a successful request without having to actually test the request ourself. I'm happy to help out with adding that if the Nexus Staff don't feel like they don't have time to add it themselves.

I must say that this change really makes it feel like Nexus Mods has moved forward in supporting developers of third party tools. It's a great step to take and I wholeheartedly approve.

"Applications should send a valid user agent string identifying the application/library they are using and system information. This allows us to collect statistics and aides with debugging potential problems." What does that mean?

as Kerber has stated, the api does not request everything about your computer, and even with its diagnostics it still requests less information than many programs you probably already use do. chrome and chromium based browsers (opera, cent, ghost, sleipnir, and others) all request data from you that is typically more data than the nexus api will collect. If you have a smart phone or a smart TV or a smart speaker or any device that has bluetooth, chances are you are being data mined. Smart phones use your location and speed and similar to determine road conditions, smart speakers and smart home devices use what you say to determine what ads you should get next time you open their webpage. smart tvs will report your viewing preferences to be able to promote different products in your ads.

You are being mined now, while you view this message by Amazon, who owns Curse LLC, who provide the ad service for Nexus Mods, which is why there was a popup message from curse the first time you accessed this site since mentioning cookies

Really Nexus will not know anything you are not sending yourself. And all you are sending is the header Kerber showed you before, and that really is basic information that is actually useful to debug problems.

I'd like to chime in here. While I'm privacy-conscious, I'm also aware of how to respectfully and politely ask questions about privacy rather than accuse the Nexus Staff of any nefarious deeds.

If you're super-concerned about privacy, you will probably be accessing this website via a VPN and using a throwaway/temporary account to post that you change up every month or more often depending on your level of paranoia.

You'll also want to purchase an unlocked Android phone, create a custom mod for it (or use an existing one that you compiled from source code yourself) with an open-source location service (no google apps) and alternative storefronts like F-Droid instead of Google Play. Also be sure if you get a Samsung phone (which you should) to use the alternative open-source firmware that removes all the hidden root commands to remotely enable your microphone/camera and other creepy bits that are present in the default firmware that comes with every Samsung phone. That's why modern phones have non-removeable batteries as removing the battery is the only way to disable this functionality for normal non-techy users.

And I hope you're using a Linux-based OS on your computer. Be sure you use Gentoo and compile EVERYTHING manually from source code with verified hashes and certificate pinning to make sure you're getting only the legit source code from the legit sources! Give it a good week or so of compiling depending on your CPU speed. ^_^

The ultimate in privacy is to run everything off of a USB key from a thinshell client computer at a library or something. The legality of this varies depending on your country (please don't be a jerk, ask the library staff first) but there are entire linux-based operating systems designed around being as minimal and private as possible.

And if you're still reading all this then maybe you understand that in the modern era if you want 100% privacy (or even above-normal privacy) then you'll have to give up several conveniences inherant to modern life. Good luck with that.

I've analyzed the data from Nexus Mod Manager and Vortex via WireShark and other network-debugging tools on my home network. Nothing abnormal that I've seen.

You should be more worried about any games that use that Denuvo-malware that they call 'DRM'. What a joke. That trash phones home to Russian-based activation servers and Denuvo themselves are overseen by Russian-based state actors masquerading as security researchers.

Keep your private online personas and your public IRL persona separated as much as possible. That's what I do. VPN is also great to use. Other than that if you own a mobile phone at all you're giving up some privacy for convenience since you will be location-located at any time for any reason or no reason (primarily 911/emergency and law enforcement felony-capture reasons). That's the tradeoff of being able to call anyone from anywhere at any time. That's the tradeoff of using the government-owned and government-maintained and government-funded infrastructure of the Global Positioning System.

But yeah, throw up the alarm over what Nexus does. Lol. Do what ya want ^_^